/*     */ package com.zimbra.cs.account.accesscontrol;
/*     */ 
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.AccessManager.AttrRightChecker;
/*     */ import com.zimbra.cs.account.Entry;
/*     */ import java.util.Map;
/*     */ import java.util.Map.Entry;
/*     */ import java.util.Set;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class AllowedAttrs
/*     */   implements AccessManager.AttrRightChecker
/*     */ {
/*  33 */   private static final Log sLog = ZimbraLog.acl;
/*     */   private Result mResult;
/*     */   
/*  36 */   public static enum Result { ALLOW_ALL, 
/*  37 */     DENY_ALL, 
/*  38 */     ALLOW_SOME;
/*     */     
/*     */     private Result() {}
/*     */   }
/*     */   
/*     */   public static final AllowedAttrs ALLOW_ALL_ATTRS()
/*     */   {
/*  45 */     return new AllowedAttrs(Result.ALLOW_ALL, null);
/*     */   }
/*     */   
/*     */   public static final AllowedAttrs DENY_ALL_ATTRS() {
/*  49 */     return new AllowedAttrs(Result.DENY_ALL, null);
/*     */   }
/*     */   
/*     */   public static AllowedAttrs ALLOW_SOME_ATTRS(Set<String> allowSome) {
/*  53 */     return new AllowedAttrs(Result.ALLOW_SOME, allowSome);
/*     */   }
/*     */   
/*     */   private AllowedAttrs(Result result, Set<String> allowSome) {
/*  57 */     this.mResult = result;
/*  58 */     this.mAllowSome = allowSome;
/*     */   }
/*     */   
/*     */   public Result getResult() {
/*  62 */     return this.mResult;
/*     */   }
/*     */   
/*     */   public Set<String> getAllowed() {
/*  66 */     return this.mAllowSome;
/*     */   }
/*     */   
/*     */   public boolean allowAttr(String attrName) {
/*  70 */     if (this.mResult == Result.ALLOW_ALL)
/*  71 */       return true;
/*  72 */     if (this.mResult == Result.DENY_ALL) {
/*  73 */       return false;
/*     */     }
/*  75 */     String actualAttrName = getActualAttrName(attrName);
/*  76 */     return getAllowed().contains(actualAttrName);
/*     */   }
/*     */   
/*     */   boolean canAccessAttrs(Set<String> attrsNeeded, Entry target)
/*     */     throws ServiceException
/*     */   {
/*  82 */     if (sLog.isDebugEnabled()) {
/*  83 */       sLog.debug("canAccessAttrs attrsAllowed: " + dump());
/*     */       
/*  85 */       StringBuilder sb = new StringBuilder();
/*  86 */       if (attrsNeeded == null) {
/*  87 */         sb.append("<all attributes>");
/*     */       } else {
/*  89 */         for (String a : attrsNeeded)
/*  90 */           sb.append(a + " ");
/*     */       }
/*  92 */       sLog.debug("canAccessAttrs attrsNeeded: " + sb.toString());
/*     */     }
/*     */     
/*  95 */     if (this.mResult == Result.ALLOW_ALL)
/*  96 */       return true;
/*  97 */     if (this.mResult == Result.DENY_ALL) {
/*  98 */       return false;
/*     */     }
/*     */     
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 105 */     if (attrsNeeded == null) {
/* 106 */       return false;
/*     */     }
/*     */     
/* 109 */     Set<String> allowed = getAllowed();
/* 110 */     for (String attr : attrsNeeded) {
/* 111 */       String attrName = getActualAttrName(attr);
/*     */       
/* 113 */       HardRules.checkForbiddenAttr(attrName);
/*     */       
/* 115 */       if (!allowed.contains(attrName))
/*     */       {
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 123 */         throw ServiceException.PERM_DENIED("cannot access attribute " + attrName + " on " + TargetType.getTargetType(target) + " target " + target.getLabel());
/*     */       }
/*     */     }
/*     */     
/*     */ 
/* 128 */     return true;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   private Set<String> mAllowSome;
/*     */   
/*     */ 
/*     */ 
/*     */   boolean canSetAttrsWithinConstraints(RightBearer.Grantee grantee, Entry target, Map<String, Object> attrsNeeded)
/*     */     throws ServiceException
/*     */   {
/* 142 */     if (attrsNeeded == null) {
/* 143 */       throw ServiceException.FAILURE("internal error", null);
/*     */     }
/* 145 */     if (this.mResult == Result.DENY_ALL) {
/* 146 */       return false;
/*     */     }
/* 148 */     Entry constraintEntry = AttributeConstraint.getConstraintEntry(target);
/* 149 */     Map<String, AttributeConstraint> constraints = constraintEntry == null ? null : AttributeConstraint.getConstraint(constraintEntry);
/*     */     
/* 151 */     boolean hasConstraints = (constraints != null) && (!constraints.isEmpty());
/*     */     
/* 153 */     if (hasConstraints)
/*     */     {
/*     */ 
/* 156 */       AllowedAttrs allowedAttrsOnConstraintEntry = CheckAttrRight.accessibleAttrs(grantee, constraintEntry, AdminRight.PR_SET_ATTRS, false);
/*     */       
/*     */ 
/* 159 */       if ((allowedAttrsOnConstraintEntry.getResult() == Result.ALLOW_ALL) || ((allowedAttrsOnConstraintEntry.getResult() == Result.ALLOW_SOME) && (allowedAttrsOnConstraintEntry.getAllowed().contains("zimbraConstraint"))))
/*     */       {
/*     */ 
/* 162 */         hasConstraints = false;
/*     */       }
/*     */     }
/* 165 */     boolean allowAll = this.mResult == Result.ALLOW_ALL;
/* 166 */     Set<String> allowed = getAllowed();
/*     */     
/* 168 */     for (Map.Entry<String, Object> attr : attrsNeeded.entrySet()) {
/* 169 */       String attrName = getActualAttrName((String)attr.getKey());
/*     */       
/* 171 */       HardRules.checkForbiddenAttr(attrName);
/*     */       
/* 173 */       if ((!allowAll) && (!allowed.contains(attrName)))
/*     */       {
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 181 */         throw ServiceException.PERM_DENIED("cannot access attribute " + attrName + " on " + TargetType.getTargetType(target) + " target " + target.getLabel());
/*     */       }
/*     */       
/*     */ 
/*     */ 
/* 186 */       if ((hasConstraints) && 
/* 187 */         (AttributeConstraint.violateConstraint(constraints, attrName, attr.getValue()))) {
/* 188 */         return false;
/*     */       }
/*     */     }
/* 191 */     return true;
/*     */   }
/*     */   
/*     */   private String getActualAttrName(String attr) {
/* 195 */     if ((attr.charAt(0) == '+') || (attr.charAt(0) == '-')) {
/* 196 */       return attr.substring(1);
/*     */     }
/* 198 */     return attr;
/*     */   }
/*     */   
/*     */   public String dump() {
/* 202 */     StringBuilder sb = new StringBuilder();
/* 203 */     sb.append("result = " + this.mResult + " ");
/*     */     
/* 205 */     if (this.mResult == Result.ALLOW_SOME) {
/* 206 */       sb.append("allowed = (");
/* 207 */       for (String a : this.mAllowSome)
/* 208 */         sb.append(a + " ");
/* 209 */       sb.append(")");
/*     */     }
/*     */     
/* 212 */     return sb.toString();
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/account/accesscontrol/AllowedAttrs.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */